Two Universities in South Korea have been fined for Personal Data Breaches with penalties amounting to $459000 (Jeobunk National university) and $253 million (Ewha University) following personal data breach .
On July 28, 2024, the personal information of over 320,000 students and graduates of Jeonbuk National University was leaked. The university said that the names, phone numbers, email addresses and other details of students and graduates had been exposed in the breach. The cause was traced to lack of adequate information security measures including not implementing appropriate data retention measures based on existence of legal basis for processing.
In a similar case, the personal information of over 83,000 students and graduates of Ewha Womans University, also including RRNs, was leaked on Sept. 3, 2024.
On top of imposing monetary penalties, the data protection authority of South Korea ordered the two universities to make their violations public by making official announcements on their websites, inspect their information security systems and establish round-the-clock monitoring systems.
Last year the South Korean agency had also imposed fines on Kyungsung University (KRW 42.8 million) and Soonchunhyang University (KRW 193 million) highlighting the vulnerabilities of such organizations.
The news papers report that the commission also advised additional penalties to the personnel in charge.
These incidents highlight the risks that Indian educational institutions in India also run. Most of these institutions hold enormous data not adequately secured. Not many of them have thought of any implementation of DPDPA.
It is time for such organizations to wake up…and be ready for DPDPA.
Naavi